wyrm-mcp 7.2.0 → 7.2.2

package/dist/daemon-writer.js

@@ -1,406 +1,2 @@
-/**
- * Daemon-as-writer CLIENT (v7 F2, T012) — OPT-IN via WYRM_DAEMON_WRITES=1.
- *
- * Article I — the stdio direct path stays FIRST-CLASS and is the default:
- * with the env var unset (the default), nothing here ever touches the
- * network; every write runs the same local synchronous better-sqlite3 path
- * it always has. When opted in, the canonical write paths (data-lake insert,
- * failure_record, truth_set, capture) route their WRITES over loopback HTTP
- * to the running daemon's `POST /write` (daemon-write-endpoint.ts), funneling
- * a multi-process fleet's writes through ONE writer process so the others
- * stop contending for the SQLite write lock. READS always stay local.
- *
- * FAIL-DIRECT (the documented Article I choice, not fail-loud) — but ONLY on
- * outcomes that prove the daemon did NOT commit (v7 F2 review fix): the
- * daemon absent (connection refused — the request was never delivered),
- * unauthorized (401), op-rejected ({e}), or the daemon's own structured BUSY
- * report (503 — the write threw before committing). Those writes fall back to
- * the local direct path with a ONE-TIME stderr warning naming the reason (the
- * warnStderr discipline: stdout is the MCP wire). Rationale: Wyrm is memory;
- * an unreachable daemon must never cost a memory write, and the direct path
- * is guaranteed to work offline (Article I).
- *
- * AMBIGUOUS outcomes are NOT fail-direct (v7 F2 review fix — Article VI data
- * safety): a timed-out request or a lost response may have been delivered and
- * COMMITTED daemon-side (the daemon's busy_timeout is 5000ms — longer than
- * this client's 2000ms first budget — and a client-side abort cannot cancel a
- * synchronous better-sqlite3 write already executing). Silently writing
- * direct on top of that double-writes canonical memory: duplicate artifact/
- * quest/data rows, a spurious truth supersession, double-counted failure
- * occurrences. Instead:
- *   1. Every forwarded write carries a client-minted ULID `write_id`
- *      (idempotency key). The daemon replays — never re-executes — a
- *      write_id it already committed (daemon-write-endpoint.ts).
- *   2. An ambiguous first attempt is RE-SENT with the SAME write_id under an
- *      extended budget that outlives one full daemon busy_timeout window
- *      (DAEMON_WRITE_RETRY_TIMEOUT_MS) — a live daemon answers it
- *      definitively (replayed commit, fresh execution, or a rejection that
- *      proves no commit happened).
- *   3. Still ambiguous after the re-send → throw a structured
- *      WYRM_DAEMON_AMBIGUOUS error (the dispatcher maps it to the WYRM_BUSY-
- *      style retryable body). The pending write_id AND the exact body bytes
- *      first sent are remembered, keyed by write content (or by the caller's
- *      idempotencyMaterial — see below) within a bounded TTL
- *      (PENDING_WRITE_TTL_MS), so the caller's instructed retry re-enters
- *      with the same key, re-sends the ORIGINAL bytes, and the daemon still
- *      cannot apply it twice. Entries expire on read: a breadcrumb older
- *      than the TTL is never adopted — a genuinely new identical-content
- *      write hours later mints fresh instead of silently replaying a stale
- *      committed row. Deletes are GUARDED by write_id, so a concurrent
- *      identical-content call's definitive outcome cannot destroy another
- *      call's breadcrumb.
- *   4. Bounded retry, deterministic errors surface: a daemon-side
- *      SQLITE_CONSTRAINT throw (provably rolled back — every op is one
- *      statement or one IMMEDIATE transaction) arrives as the rejected {e}
- *      shape and FAILS DIRECT, so the real domain error (a CHECK-violating
- *      enum, a stale FK) surfaces through the local path exactly as in
- *      non-daemon mode. Any write that stays ambiguous for
- *      DAEMON_AMBIGUOUS_CYCLE_CAP consecutive instructed-retry cycles throws
- *      a NON-retryable error naming the last daemon response — a persistent
- *      environmental 5xx (SQLITE_FULL, SQLITE_READONLY) becomes a loud
- *      error, never an unbounded retry livelock.
- *   Idempotency identity vs encryption: data_insert under WYRM_ENCRYPTION_KEY
- *   produces a FRESH ciphertext per call (random salt + IV), so the wire
- *   input can never key the retry contract. The caller passes the
- *   PRE-encryption tuple as idempotencyMaterial; the pending entry's stored
- *   body bytes guarantee the retry re-sends the original ciphertext, keeping
- *   the daemon-side row identical across retries.
- *   Residual at-least-once windows (documented):
- *     - the daemon crashing after commit but before any response — its
- *       in-memory dedup ledger dies with it, and a later fail-direct
- *       (connection refused) can then land a second row;
- *     - a caller-level retry arriving after the pending breadcrumb's TTL or
- *       the daemon ledger's retention horizon (daemon-write-endpoint.ts
- *       DEDUP_TTL_MS) — the write executes fresh and VISIBLY (a possible
- *       duplicate row), never a silent stale replay;
- *     - within the pending TTL, a genuinely NEW logical write whose content
- *       is byte-identical to a still-pending ambiguous one shares its retry
- *       contract (they are indistinguishable on the wire) — the TTL bounds
- *       this window to seconds, not hours.
- *
- * Article VII — minimal env, token required, loopback only:
- * - Target host is HARDCODED to 127.0.0.1 (the 6.14.1 bind default). There is
- *   deliberately NO host env var: writes-over-network beyond loopback is not
- *   a thing this module can be configured into.
- * - Bearer token comes from WYRM_TOKEN — the SAME env contract the hook
- *   clients (scripts/hooks/wyrm-push.py) already use for the http-auth token.
- *   No token → we never even attempt the daemon (no unauthenticated attempts,
- *   and the dashboard's X-Wyrm-Origin:ui trust path is NOT used here).
- * - Env surface is exactly: WYRM_DAEMON_WRITES, WYRM_TOKEN, WYRM_PORT.
- *
- * Attribution (v7 F2 review fix): the caller's ambient actor envelope (T009)
- * rides IN THE REQUEST BODY as `actor: {agent_id, run_id}` — always, even
- * when both are null — so a run-only envelope (run_id without agent_id, which
- * the `Wyrm-Actor: agent_id[;run_id]` header grammar cannot express) survives
- * the hop, and the daemon NEVER substitutes its own process env for a
- * forwarded write (an absent caller identity stays NULL/legacy instead of
- * being stamped with the daemon's WYRM_RUN_ID, which would silently flip the
- * T014 quarantine tier). The header is still sent when agent_id is known, for
- * older daemons that predate the body envelope.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { getActor } from './handlers/boundary.js';
-import { ulid } from './ulid.js';
-import { WYRM_DAEMON_AMBIGUOUS_CODE } from './sqlite-busy.js';
-/**
- * Hard per-write budget for the FIRST attempt. Loopback HTTP to a healthy
- * daemon is single-digit milliseconds; 2s only matters when the daemon itself
- * is stuck mid busy_timeout — past that the attempt is AMBIGUOUS (the daemon
- * may still commit) and the re-send protocol below takes over.
- */
-export const DAEMON_WRITE_TIMEOUT_MS = 2000;
-/**
- * Budget for the same-write_id RE-SEND after an ambiguous first attempt.
- * Deliberately longer than the daemon's busy_timeout=5000 (database.ts): a
- * daemon stuck in one full busy window — the realistic ambiguity — finishes
- * inside this budget and answers the re-send definitively (replay or reject),
- * turning commit-after-abort from a silent double-write into an observed
- * outcome.
- */
-export const DAEMON_WRITE_RETRY_TIMEOUT_MS = 6000;
-/**
- * How long an AMBIGUOUS write's breadcrumb (write_id + first-sent bytes)
- * stays adoptable. It only needs to span the instructed-retry window (the
- * structured body advises retry_after_ms=1000 plus an agent turn), and every
- * further ambiguous cycle refreshes it. Past the TTL a byte-identical call is
- * a NEW logical write and mints fresh — the alternative (no expiry) let a
- * stale breadcrumb silently replay an hours-old committed row for a
- * genuinely new identical-content write (failure accrual is the norm there).
- */
-export const PENDING_WRITE_TTL_MS = 5 * DAEMON_WRITE_RETRY_TIMEOUT_MS;
-/**
- * Consecutive ambiguous instructed-retry cycles allowed per pending write
- * before the structured retryable error gives way to a NON-retryable one. A
- * transient daemon stall resolves in one or two cycles; past the cap the
- * cause is persistent (an environmental daemon-side error: SQLITE_FULL,
- * SQLITE_READONLY, a wedged event loop) and instructing further retries is a
- * livelock, not a recovery path.
- */
-export const DAEMON_AMBIGUOUS_CYCLE_CAP = 3;
-/** The non-retryable terminal code for a write that exhausted its ambiguous
- * cycles. Deliberately NOT classified by retryableWriteCause: the dispatcher
- * must surface it loudly through the generic error tail, not re-instruct a
- * retry. */
-export const WYRM_DAEMON_RETRY_EXHAUSTED_CODE = 'WYRM_DAEMON_RETRY_EXHAUSTED';
-export function daemonWritesEnabled(env = process.env) {
-    return env.WYRM_DAEMON_WRITES === '1';
-}
-// One-time-per-process fallback warning (the deprecations.ts discipline):
-// the first fallback names its reason on stderr, later ones stay silent so a
-// daemon-less opt-in session doesn't spam every single write.
-let warnedFallback = false;
-const pendingWriteIds = new Map();
-const PENDING_WRITE_CAP = 256;
-/** Test hook: reset the one-time warning + pending-key state. */
-export function _resetDaemonWriterForTests() {
-    warnedFallback = false;
-    pendingWriteIds.clear();
-}
-/** Test hook: age every pending breadcrumb by `ms` (drives TTL expiry without a clock). */
-export function _agePendingWritesForTests(ms) {
-    for (const entry of pendingWriteIds.values())
-        entry.expiresAt -= ms;
-}
-function warnFallbackOnce(reason) {
-    if (warnedFallback)
-        return;
-    warnedFallback = true;
-    try {
-        process.stderr.write(`[wyrm] WYRM_DAEMON_WRITES=1 but the daemon write path was not used (${reason}); ` +
-            `falling back to the local direct write path (Article I). Further fallbacks this process are silent.\n`);
-    }
-    catch { /* warnings must never break a write */ }
-}
-function rememberPending(key, entry) {
-    if (!pendingWriteIds.has(key) && pendingWriteIds.size >= PENDING_WRITE_CAP) {
-        const oldest = pendingWriteIds.keys().next().value;
-        if (oldest !== undefined)
-            pendingWriteIds.delete(oldest);
-    }
-    pendingWriteIds.set(key, entry);
-}
-/** Adopt a pending breadcrumb only while it is fresh; a lapsed one is deleted
- * so the caller mints a NEW write_id (a visible fresh execution — never the
- * silent stale replay an unexpiring breadcrumb produced). */
-function freshPending(key) {
-    const entry = pendingWriteIds.get(key);
-    if (entry === undefined)
-        return null;
-    if (Date.now() >= entry.expiresAt) {
-        pendingWriteIds.delete(key);
-        return null;
-    }
-    return entry;
-}
-/** Delete the breadcrumb only if it still belongs to THIS call's write_id —
- * a concurrent identical-content call that minted its own id must not have
- * its definitive outcome destroy another call's retry contract. */
-function clearPendingIfOwn(key, writeId) {
-    if (pendingWriteIds.get(key)?.writeId === writeId)
-        pendingWriteIds.delete(key);
-}
-/** True when the socket never connected — the request was provably not
- * delivered, so the daemon cannot have committed anything. fetch()/undici
- * wraps the socket error in `.cause` (sometimes an AggregateError). */
-function isConnectionNeverEstablished(err) {
-    const codes = new Set(['ECONNREFUSED', 'ENOTFOUND', 'EAI_AGAIN']);
-    const seen = new Set();
-    const stack = [err];
-    while (stack.length > 0) {
-        const e = stack.pop();
-        if (e === null || e === undefined || typeof e !== 'object' || seen.has(e))
-            continue;
-        seen.add(e);
-        const code = e.code;
-        if (typeof code === 'string' && codes.has(code))
-            return true;
-        const cause = e.cause;
-        if (cause)
-            stack.push(cause);
-        const errors = e.errors;
-        if (Array.isArray(errors))
-            stack.push(...errors);
-    }
-    return false;
-}
-async function attemptWrite(port, headers, body, timeoutMs) {
-    const ctrl = new AbortController();
-    const timer = setTimeout(() => ctrl.abort(), timeoutMs);
-    try {
-        const res = await fetch(`http://127.0.0.1:${port}/write`, {
-            method: 'POST',
-            headers,
-            body,
-            signal: ctrl.signal,
-        });
-        let parsed = null;
-        try {
-            parsed = await res.json();
-        }
-        catch (err) {
-            // The response started but its body was lost/garbled. The STATUS still
-            // classifies: a 2xx means the daemon committed BEFORE responding, and a
-            // non-503 5xx proves nothing about the commit — both are ambiguous (the
-            // same rule the parseable-body branch below applies; an unreadable body
-            // must not flip the commit-state conclusion). 4xx/503 prove no commit.
-            const msg = err instanceof Error ? err.message : String(err);
-            return res.ok || (res.status >= 500 && res.status !== 503)
-                ? { kind: 'ambiguous', reason: res.ok ? `daemon 2xx response body unreadable: ${msg}` : `daemon answered HTTP ${res.status}` }
-                : { kind: 'rejected', reason: `daemon answered HTTP ${res.status}` };
-        }
-        if (!res.ok) {
-            // 4xx (auth/validation, pre-execution) and 503 (the daemon's own
-            // structured BUSY report — the write threw before committing) prove no
-            // commit. Any other 5xx leaves the commit state unknown.
-            return res.status >= 500 && res.status !== 503
-                ? { kind: 'ambiguous', reason: `daemon answered HTTP ${res.status}` }
-                : { kind: 'rejected', reason: `daemon answered HTTP ${res.status}` };
-        }
-        if (!parsed || parsed.ok !== true || parsed.row == null) {
-            return { kind: 'rejected', reason: `daemon rejected the write: ${parsed?.e ?? 'malformed response'}` };
-        }
-        return { kind: 'ok', row: parsed.row };
-    }
-    catch (err) {
-        const reason = err instanceof Error ? err.message : String(err);
-        if (isConnectionNeverEstablished(err)) {
-            return { kind: 'rejected', reason: `daemon unreachable: ${reason}`, neverSent: true };
-        }
-        // Abort (our timeout), ECONNRESET, socket hang-up, …: the request may
-        // have been delivered and may still commit.
-        return { kind: 'ambiguous', reason: `no response from the daemon: ${reason}` };
-    }
-    finally {
-        clearTimeout(timer);
-    }
-}
-/**
- * Forward one canonical write to the daemon.
- *  - the written row     → the daemon committed it (exactly once);
- *  - null                → take the direct path (PROVEN no daemon commit:
- *                          disabled, no token, never connected, 401/4xx/503,
- *                          op rejected — including a daemon-side
- *                          SQLITE_CONSTRAINT rollback riding the {e} shape);
- *  - throws WYRM_DAEMON_AMBIGUOUS → outcome unknown even after the same-key
- *    re-send; the caller must NOT write directly (Article VI — possible
- *    double-write). The dispatcher maps it to the structured retryable body;
- *    the instructed retry re-enters with the SAME idempotency key and the
- *    SAME first-sent bytes (within PENDING_WRITE_TTL_MS);
- *  - throws WYRM_DAEMON_RETRY_EXHAUSTED → still ambiguous after
- *    DAEMON_AMBIGUOUS_CYCLE_CAP instructed-retry cycles; NON-retryable, names
- *    the last daemon response. The breadcrumb is kept (within its TTL) so an
- *    insistent caller still cannot land the write twice.
- *
- * `opts.idempotencyMaterial`: the PRODUCTION identity seam for ops whose wire
- * input is non-deterministic (data_insert's per-call ciphertext) — the
- * pending key derives from this material instead of `input`, and the stored
- * body bytes make the retry re-send the original ciphertext.
- */
-export async function forwardWrite(op, projectId, input, env = process.env, opts) {
-    if (!daemonWritesEnabled(env))
-        return null;
-    const token = env.WYRM_TOKEN;
-    if (!token) {
-        warnFallbackOnce('WYRM_TOKEN is not set — the http-auth Bearer token is required');
-        return null;
-    }
-    const port = parseInt(env.WYRM_PORT || '3333', 10) || 3333;
-    const headers = {
-        'Content-Type': 'application/json',
-        'Authorization': `Bearer ${token}`,
-    };
-    // Attribution rides in the body (see the module header); the legacy header
-    // form is kept for daemons that predate the body envelope (it cannot carry
-    // a run-only envelope — that is exactly what the body fixes).
-    const actor = getActor();
-    if (actor.agent_id) {
-        headers['Wyrm-Actor'] = actor.run_id ? `${actor.agent_id};${actor.run_id}` : actor.agent_id;
-    }
-    // Idempotency key: ONE ULID per logical write. A write whose earlier
-    // attempt ended AMBIGUOUS keeps its key AND its exact first-sent bytes
-    // (pendingWriteIds, TTL-bounded), so the caller-level retry the structured
-    // error instructs cannot land twice — even when a field of `input` is
-    // non-deterministic per call (the pending key derives from
-    // idempotencyMaterial when given, and the stored body is what gets
-    // re-sent, never a re-serialization).
-    const pendingKey = JSON.stringify([
-        op, projectId, opts?.idempotencyMaterial ?? input, actor.agent_id, actor.run_id,
-    ]);
-    const pending = freshPending(pendingKey);
-    const writeId = pending?.writeId ?? ulid();
-    const body = pending?.body ?? JSON.stringify({
-        op,
-        project_id: projectId,
-        input,
-        write_id: writeId,
-        actor: { agent_id: actor.agent_id, run_id: actor.run_id },
-    });
-    let attempt = await attemptWrite(port, headers, body, opts?.timeoutMs ?? DAEMON_WRITE_TIMEOUT_MS);
-    if (attempt.kind === 'ambiguous') {
-        // The request may have been delivered and may still commit. Re-send the
-        // SAME write_id under a budget that outlives one full daemon busy window:
-        // a live daemon answers definitively (replayed commit / fresh execution /
-        // provable rejection) — exactly once either way.
-        const resend = await attemptWrite(port, headers, body, opts?.resendTimeoutMs ?? DAEMON_WRITE_RETRY_TIMEOUT_MS);
-        attempt = resend.kind === 'rejected' && resend.neverSent
-            // The daemon vanished BETWEEN an ambiguous attempt and the re-send —
-            // the first attempt's commit state is unknowable, so this is NOT the
-            // safe fail-direct refusal, it stays ambiguous.
-            ? { kind: 'ambiguous', reason: `daemon vanished after an ambiguous write attempt (${resend.reason})` }
-            : resend;
-    }
-    if (attempt.kind === 'ok') {
-        clearPendingIfOwn(pendingKey, writeId);
-        return attempt.row;
-    }
-    if (attempt.kind === 'rejected') {
-        clearPendingIfOwn(pendingKey, writeId);
-        warnFallbackOnce(attempt.reason);
-        return null;
-    }
-    // Still ambiguous: refuse the silent local fallback (it could double-write
-    // canonical memory). Refresh the breadcrumb (TTL + cycle count) and surface
-    // the structured retryable error — until the cycle cap, past which the
-    // outcome is a loud NON-retryable terminal error (the cause is persistent;
-    // instructing more identical retries is a livelock, not recovery).
-    const ambiguousCycles = (pending?.ambiguousCycles ?? 0) + 1;
-    rememberPending(pendingKey, {
-        writeId, body, ambiguousCycles,
-        expiresAt: Date.now() + PENDING_WRITE_TTL_MS,
-    });
-    if (ambiguousCycles >= DAEMON_AMBIGUOUS_CYCLE_CAP) {
-        throw Object.assign(new Error(`daemon write for ${op} stayed ambiguous after ${ambiguousCycles} retry cycles ` +
-            `(last daemon response: ${attempt.reason}); giving up on the retry protocol — ` +
-            `the daemon is persistently failing this write (check the daemon's logs/disk), ` +
-            `and the direct fallback stays withheld to avoid a possible duplicate`), { code: WYRM_DAEMON_RETRY_EXHAUSTED_CODE });
-    }
-    throw Object.assign(new Error(`daemon write outcome unknown for ${op} (${attempt.reason}); ` +
-        `refusing the direct fallback to avoid a possible duplicate — retry the same call`), { code: WYRM_DAEMON_AMBIGUOUS_CODE });
-}
-/**
- * The one-line seam the canonical write sites use:
- *
- *   const row = await daemonOr('artifact_add', proj.id, input, () => memory.add(proj.id, input));
- *
- * Daemon mode returns the daemon-written row (same shape — the endpoint calls
- * the same domain method); a PROVEN-no-commit daemon failure runs the local
- * `direct()` thunk (Article I — the direct path is the default and the
- * fallback); an AMBIGUOUS daemon outcome propagates as a structured
- * WYRM_DAEMON_AMBIGUOUS error so the caller retries instead of double-writing
- * (Article VI — see the module header for the exactly-once protocol and its
- * residual windows).
- *
- * `idempotencyMaterial`: pass the STABLE pre-transformation identity when
- * `input` carries a non-deterministic field (data_insert's ciphertext is
- * fresh per call) — it keys the caller-level retry contract so the retry
- * resumes the same write_id and re-sends the same bytes.
- */
-export async function daemonOr(op, projectId, input, direct, idempotencyMaterial) {
-    const row = await forwardWrite(op, projectId, input, process.env, idempotencyMaterial ? { idempotencyMaterial } : undefined);
-    if (row != null)
-        return row;
-    return direct();
-}
-//# sourceMappingURL=daemon-writer.js.map
+import{getActor as k}from"./handlers/boundary.js";import{ulid as y}from"./ulid.js";import{WYRM_DAEMON_AMBIGUOUS_CODE as O}from"./sqlite-busy.js";const A=2e3,h=6e3,M=5*h,N=3,R="WYRM_DAEMON_RETRY_EXHAUSTED";function W(e=process.env){return e.WYRM_DAEMON_WRITES==="1"}let g=!1;const c=new Map,I=256;function Y(){g=!1,c.clear()}function v(e){for(const n of c.values())n.expiresAt-=e}function E(e){if(!g){g=!0;try{process.stderr.write(`[wyrm] WYRM_DAEMON_WRITES=1 but the daemon write path was not used (${e}); falling back to the local direct write path (Article I). Further fallbacks this process are silent.
+`)}catch{}}}function D(e,n){if(!c.has(e)&&c.size>=I){const i=c.keys().next().value;i!==void 0&&c.delete(i)}c.set(e,n)}function S(e){const n=c.get(e);return n===void 0?null:Date.now()>=n.expiresAt?(c.delete(e),null):n}function T(e,n){c.get(e)?.writeId===n&&c.delete(e)}function $(e){const n=new Set(["ECONNREFUSED","ENOTFOUND","EAI_AGAIN"]),i=new Set,a=[e];for(;a.length>0;){const r=a.pop();if(r==null||typeof r!="object"||i.has(r))continue;i.add(r);const d=r.code;if(typeof d=="string"&&n.has(d))return!0;const t=r.cause;t&&a.push(t);const o=r.errors;Array.isArray(o)&&a.push(...o)}return!1}async function b(e,n,i,a){const r=new AbortController,d=setTimeout(()=>r.abort(),a);try{const t=await fetch(`http://127.0.0.1:${e}/write`,{method:"POST",headers:n,body:i,signal:r.signal});let o=null;try{o=await t.json()}catch(s){const l=s instanceof Error?s.message:String(s);return t.ok||t.status>=500&&t.status!==503?{kind:"ambiguous",reason:t.ok?`daemon 2xx response body unreadable: ${l}`:`daemon answered HTTP ${t.status}`}:{kind:"rejected",reason:`daemon answered HTTP ${t.status}`}}return t.ok?!o||o.ok!==!0||o.row==null?{kind:"rejected",reason:`daemon rejected the write: ${o?.e??"malformed response"}`}:{kind:"ok",row:o.row}:t.status>=500&&t.status!==503?{kind:"ambiguous",reason:`daemon answered HTTP ${t.status}`}:{kind:"rejected",reason:`daemon answered HTTP ${t.status}`}}catch(t){const o=t instanceof Error?t.message:String(t);return $(t)?{kind:"rejected",reason:`daemon unreachable: ${o}`,neverSent:!0}:{kind:"ambiguous",reason:`no response from the daemon: ${o}`}}finally{clearTimeout(d)}}async function x(e,n,i,a=process.env,r){if(!W(a))return null;const d=a.WYRM_TOKEN;if(!d)return E("WYRM_TOKEN is not set \u2014 the http-auth Bearer token is required"),null;const t=parseInt(a.WYRM_PORT||"3333",10)||3333,o={"Content-Type":"application/json",Authorization:`Bearer ${d}`},s=k();s.agent_id&&(o["Wyrm-Actor"]=s.run_id?`${s.agent_id};${s.run_id}`:s.agent_id);const l=JSON.stringify([e,n,r?.idempotencyMaterial??i,s.agent_id,s.run_id]),p=S(l),f=p?.writeId??y(),_=p?.body??JSON.stringify({op:e,project_id:n,input:i,write_id:f,actor:{agent_id:s.agent_id,run_id:s.run_id}});let u=await b(t,o,_,r?.timeoutMs??A);if(u.kind==="ambiguous"){const m=await b(t,o,_,r?.resendTimeoutMs??h);u=m.kind==="rejected"&&m.neverSent?{kind:"ambiguous",reason:`daemon vanished after an ambiguous write attempt (${m.reason})`}:m}if(u.kind==="ok")return T(l,f),u.row;if(u.kind==="rejected")return T(l,f),E(u.reason),null;const w=(p?.ambiguousCycles??0)+1;throw D(l,{writeId:f,body:_,ambiguousCycles:w,expiresAt:Date.now()+M}),w>=N?Object.assign(new Error(`daemon write for ${e} stayed ambiguous after ${w} retry cycles (last daemon response: ${u.reason}); giving up on the retry protocol \u2014 the daemon is persistently failing this write (check the daemon's logs/disk), and the direct fallback stays withheld to avoid a possible duplicate`),{code:R}):Object.assign(new Error(`daemon write outcome unknown for ${e} (${u.reason}); refusing the direct fallback to avoid a possible duplicate \u2014 retry the same call`),{code:O})}async function U(e,n,i,a,r){const d=await x(e,n,i,process.env,r?{idempotencyMaterial:r}:void 0);return d??a()}export{N as DAEMON_AMBIGUOUS_CYCLE_CAP,h as DAEMON_WRITE_RETRY_TIMEOUT_MS,A as DAEMON_WRITE_TIMEOUT_MS,M as PENDING_WRITE_TTL_MS,R as WYRM_DAEMON_RETRY_EXHAUSTED_CODE,v as _agePendingWritesForTests,Y as _resetDaemonWriterForTests,U as daemonOr,W as daemonWritesEnabled,x as forwardWrite};